Indonesia urgently needs personal data protection law

Author

PhD Candidate at Digital Media Research Centre and Research Assistant at Queensland University of Technology, Queensland University of Technology

Disclosure statement

Fiona Suwana does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

Companies such as Google, Go-Jek and Grab not only provide services for their users. They also collect personal data of their users. Companies, individuals and government can all collect personal data.

The collection of huge data sets that can be searched, collected and cross-referenced is known as Big Data. Law scholar Yvonne McDermott argues that in the era of Big Data four key values must be upheld: privacy, autonomy, transparency and nondiscrimination.

In Indonesia, none of these values in regard to Big Data are enshrined under law. Indonesia does not have any comprehensive personal data protection law or regulation that protects Indonesians from misuse of data.

Increased foreign investment in the digital economy means a national conversation is needed to ensure citizens don’t get exploited.

Examples of personal data protection

Indonesians urgently need a comprehensive data protection framework. Around the world there are several instructive examples.

International human rights regulations already cover digital privacy, building on concepts in multipledeclarations on human rights and freedom.

The principles in the EU GDPR were also evident in a presentation by technology and data protection law expert Berend van der Eijk, at a discussion of Personal Data Protection in the Digital Era in Jakarta. He explained the transparency principle that citizens have a right to access, amend and occasionally remove their personal data from companies’ registers. Companies must also be upfront about why they collect personal data and how they’ll use it.

Another example of privacy breaches can be seen by checking the inbox of phone users in Indonesia. In Indonesia, businesses can easily send short message advertisements to millions of phone users based on their location. There are 371.4 million registered phone users in Indonesia, more than the total population of the country. The targeted ads through mobile phones violate privacy as providers never asked Indonesian phone users for their consent to give their data to third parties.

Budi Utoyo was also concerned about patient autonomy with the rise of digitised public health records. In a public discussion, he asked: “Is there any right for Indonesians to ask Indonesian hospitals to remove or delete their medical records if they aren’t a patient?”

However, he said that Indonesian data protection regulation is still an ongoing process as it requires harmonisation of other regulations by related government ministries in Indonesia.

What next?

Experts in all sectors must collaborate with the Indonesian government to push and create personal data protection law. This should protect citizens from having their data used without their consent or used to discriminate against them.

It is also worth noting that the law will have potential flow-on effects for the country’s economy. It would enable a safer business environment, in turn creating opportunities and investment for more Indonesian companies.

At the same time citizens also need to be educated about digital privacy in order to understand the potential risks and their right to protect it.

You might also like

Indonesia’s former president, Susilo Bambang Yudhoyono (left), and current president, Joko Widodo, had activists and scholars supporting their presidential campaigns. Many of them have since been given special staff positions in the administration.
Adi Weda/EPA